(54) Title: RECOVERY OF A MASTER KEY FROM RECORDED PUBLISHED MATERIAL

(57) Abstract: An encryption of a master key is included with each recording of encrypted
published material that requires the master key for decryption and subsequent processing.
The master key is encrypted using a public key associated with a trusted authority,
typically encoded on a smartcard that is associated with each authorized user. Should the
smartcard be lost, or the decryption device become inoperative, one of the recordings
containing the encrypted master key is sent to the trusted authority for a retrieval of the
master key. The trusted authority uses the private key corresponding to the public key that
was used to encrypt the master key to determine the master key. In a preferred embodiment,
the trusted authority is the vendor of the smartcard or other encryption/decryption device,
and provides a replacement smartcard or device containing the retrieved master key,
typically for a fee, for subsequent use by the user to decrypt other recorded material in
the user's collection.

Recovery of a master key from recorded published material

WO 01/18807 PCT/EP00/08054



This invention relates to the field of consumer electronics, and in particular to
the recovery of published material that is recorded in an encrypted form.

Digital recordings have the unique property that copies of the content material
have the same quality as the original. As such, the need for an effective copy protection
scheme is particularly crucial for the protection of content material that is digitally recorded.
A number of protection schemes have been developed or proposed that record the content
material in an encrypted form. Other protection schemes have been developed or proposed
that record an encrypted key that controls the playback, or rendering, of the content material.
In a number of these schemes, a "smartcard" is used to decrypt the encrypted information.
The smartcard contains a master key that is used to encrypt and decrypt the content material
or to encrypt or decrypt another key that controls the rendering of the content material.
Alternatively, the master key is contained within the recording or playback device, or within
a content-access-module that is used to decrypt the content material. A smartcard or
content-access-module is typically preferred, so as to allow the use of alternative or
replacement recording or playback devices.

After some time, the user will accumulate a collection of recordings that
contain content material that can only be accessed via the use of the smartcard containing the
master key. In this encrypted environment, a loss of the smartcard, or a failure of the
content-access-module will effectively render the user's collection of recordings virtually
worthless. Other encrypted collections, such as computer file systems, are also equally
vulnerable to the loss of an access device or master key. A conventional method for alleviating
the inconvenience and impact associated with the loss of a smartcard is to maintain a registry of
each smartcard and its associated master key. Such a system, however, requires that the user
have a means for identifying the particular smartcard after it is lost, or requires that the
registry contain an identification of each user of each smartcard. Such a system is difficult to
administer, and prone to administrative mishaps that could result in the complete loss of the
user's collection due to a misregistration or erroneous identification of the user.

In the field of law enforcement and national security, "digital lockbox"
techniques have been proposed for providing emergency access to encrypted files by
encrypting the master key using a public key of a trusted authority, and including the
encryption of the master key with each encrypted file. U.S. Patents 5,557,346 and 5,557,765,
and PCT publications WO 99/04530 and WO 98/47260 discuss these techniques, and are
incorporated by reference herein. The techniques presented in these publications, however,
are encumbered with various safeguards to prevent the unauthorized access to the encrypted
information, to protect the privacy of the individual who created the information.

In the field of consumer electronics, different considerations from law
enforcement are relevant. The content material is intended to be published for use by the
general public. This published material is encrypted to prevent it from being copied or used
by persons other than those who have acquired the right to access the published material, and
those who have acquired the right to access the material have no privacy rights or concerns
regarding access to the material. In effect, the encryption process inconveniences those who
have acquired the right to access the published material. The success of imposing the
proposed encryption schemes for safeguarding copy protected published material will be
highly dependent on the general public's acceptance of this inconvenience, and in particular,
to any loss of value incurred due to a misplaced or defective decryption device.

It is an object of this invention to provide a method and device for recording
encrypted published material that facilitates a simple retrieval of a master key that can be
used to decrypt the published material. It is a further object of this invention to provide a
method of providing a replacement decryption device that contains a master key that is
suitable for decrypting encrypted information.

This objective and others are achieved by including an encryption of a master
key with each recording that contains encrypted published material that requires the master
key for decryption and subsequent processing. The master key is encrypted using a public
key associated with a trusted authority. Should the smartcard be lost, or the decryption device
become inoperative, any one of the recordings containing the encrypted master key is sent to
the trusted authority for a retrieval of the master key. The trusted authority uses the private
key corresponding to the public key that was used to encrypt the master key to determine the
master key. In a preferred embodiment, the trusted authority is the vendor of the smartcard or
other encryption/decryption device, and provides a replacement smartcard or device
containing the retrieved master key, typically for a fee, for subsequent use by the user to
decrypt other recorded material in the user's collection.



The invention is explained in further detail, and by way of example, with
reference to the accompanying drawings wherein:

FIG. 1 illustrates an example block diagram of a system for recording
encrypted published material in accordance with this invention.

FIG. 2 illustrates an example flow diagram of a system for recording
encrypted published material in accordance with this invention.

FIG. 3 illustrates an example flow diagram for the retrieval of a master key in
accordance with this invention.

Throughout the drawings, same reference numerals indicate similar or
corresponding features or functions.

FIG. 1 illustrates an example block diagram of a system 100 for recording
encrypted published material, such as audio content, audio-visual content, virtual-reality
content, multi-media content, and the like, in accordance with this invention. For the
purposes of this specification, the term published material is used in the general sense of
content material that is recorded by one party for distribution to other parties, typically the
general public. That is, the encryption of the material is not to preserve the secrecy of the
content material, but rather to preserve the copy and viewing rights to the published material.

An encryption device 110 receives the content material 101 and provides
encrypted material to a recording device 130 for recording onto a medium 140. As is
common in the art, the content material 101 is often communicated from a source, such as a
"pay-per-view" broadcaster, in encrypted form and decrypted locally. For ease of
understanding, this decryption stage is not illustrated in FIG. 1 and is not discussed further in
this disclosure.

Depending upon the specific standard or convention employed by the
encryption device 110, the encryption device 110 encrypts the content material using either a
master key M 121 to produce an encryption Em(CM) 112, or a session key K to produce an
encryption Ek(CM) 114. The master key M 121 is intended to remain constant for all
encryptions of the particular system 100, and is commonly provided by, for example, a
smartcard, illustrated in FIG. 1 as an access device 120. Alternatively, the access device 120
may be embodied within a separate access module, such as a set-top-box or other device. As
is common in the art, the session key K may change for each particular content material, or
each content material classification, and may contain, for example, a ticket or other item that
identifies the display or copy rights to the content material. Copending U.S. Patent
Application "Copy Protection by Ticket Encryption", serial number 09/333,628, filed 6/15/99
for Michael Epstein, Attorney docket PHA 23,457, presents techniques for copy and display
protection of copyright material, and is incorporated by reference herein. The session key K
is commonly generated locally, using, for example, a key-exchange between the encryption
device 110, and a corresponding decryption device 160. Copending U.S. Patent Application
"Key Exchange Via a Portable Remote Control Device", serial number , filed
for Michael Epstein, Attorney docket PHA (Disclosure 700621), presents methods and
applications for exchanging cryptography keys between authorized devices, and is
incorporated by reference herein.

In accordance with this invention, the access device 120 that provides the
master key M 121 also provides a public key P 122 that is associated with a trusted authority,
such as the vendor of the access device 120. The public key P 122 is part of a public-private
key-pair, the private key of the key-pair being a secret kept at the trusted authority. An item
that is encrypted using the public key of the key-pair can only feasibly be decrypted by the
private key of the key-pair. The encryption device 110 encrypts the master key M 121 using
the public key P 122, and communicates the encrypted master key Ep(M) 111 to the
recording device 130 for inclusion on the medium 140 with the encrypted content material
Em(CM) 112 or Ek(CM) 114. If the encrypted content material is encoded using the session
key K, the encryption device 110 also encrypts the session key K using the master key M,
and provides an encrypted session key Em(K) 113 to the recording device 130 for inclusion
on the medium 140 as well. In many cases, it is difficult to store a session key K on a
smartcard, whereas the inclusion of an encryption of the session key based on a master key M
121 provides a means for retrieving the session key K via the use of a smartcard containing
the master key M 121. Note that by encrypting the content material CM 101 or the key K to
decrypt the encrypted content material Ek(CM) 114 using the master key M 121, and storing
these encryptions 111, 112 or 111, 113, 114 on the medium 100, the content material CM 101
can be recovered by a decryption, or series of decryptions, based on the master key M 121.

To render the encrypted content material that is stored on the medium 140, a
playback device 150 communicates the encrypted material 111, 112 or 111, 113, 114 from
the medium 140 to the decryption device 160. The medium 140 may be any of a variety of
recording mediums including magnetic tape, magnetic disks, laser disks, CDs, DVDs, and so
on. The playback device 150 is a corresponding device for reading the material on the
medium. If the medium 140 is a hard disk drive, for example, the playback device 150 may
be a computer system that reads files that are stored on a hard disk drive. The decryption
device 160 can receive the master key from the access device 120, if required. If the content
material CM 101 is encrypted using the session key K, as Ek(CM) 114, and the decryption
device 160 is privy to the session key K, it does not need the master key M 121 to decrypt a
copy 101' of the content material CM 101. If, on the other hand, the decryption device 160
does not have direct access to session key K, or the content material CM 101 is encrypted
using the master key M 121, as Em(CM) 112, the decryption device 160 receives the master
key M 121 from the access device 120 and provides thereafter a copy 101' of the content
material CM 101. This copy 101' of the content material CM 101 is provided to a
conventional rendering device 170 for presentation to the user in a suitable form. For
example, if the content material CM 101 is an audio recording, the rendering device 170
provides an audio representation of the content material CM 101. Similarly, if the content
material CM 101 is a plurality of stimuli associated with a virtual reality environment, the
rendering device 170 provides the appropriate representations of each of the recorded stimuli.

FIG. 2 illustrates an example flow diagram for recording encrypted content
material in accordance with this invention, as may be effected by the encryption device 110
of FIG. 1. For ease of understanding, the use of a session key K, and the encryption of the
session key K using the master key M, is not illustrated in FIG. 2; the details for adding this
option will be evident to one of ordinary skill in the art in view of this disclosure. The
process commences upon receipt of the content material CM, at 210. Thereafter, the
encryption device 110 receives a master key M and a public key P, at 220, typically from an
access device 120 in FIG. 1. The encryption device 110 encrypts the master key M using the
public key P, at 230, and records the encrypted master key Ep(M), at 240. The content
material is encrypted, at 250, using the master key M, and the encrypted content material
Em(CM) is similarly recorded, at 260. In accordance with this invention, the recording of the
encrypted master key Ep(M) and the encrypted content material Em(CM) is preferably stored
on the same medium 140.

As can be seen from the above, a knowledge of the master key M allows for
the decryption of all material that is recorded in accordance with this invention.

FIG. 3 illustrates an example flow diagram for the retrieval of a master key M
in accordance with this invention. FIG. 3 illustrates example actions that occur at a provider's
locale and at a user's locale. At 310, the provider provides a master key M and a public key P
to the user, the master key M and public key P being typically provided on a smartcard that is
used to facilitate the encryption of copy-protected material via a conforming system 350.
Alternatively, the master key M may be generated randomly on the smart card, and not
known to the provider. As noted above, a number of standards have been proposed that call
for the encryption of copy-protected material using a master key M that is unique for each
user, to prevent the uncontrolled reproduction of copy-protected content material CM. A
conforming system 350 effects and enforces the encryption and copy protection in
accordance with these standards. Via the conforming system 350 that includes encryption,
decryption, recording, and playback capabilities, the user is able to create a collection 360 of
encrypted content material CM that conforms to the appropriate standards, and is able to
decrypt and playback the encrypted content material CM, via the use of the provided master
key M.

If the user loses the master key M, or the smartcard becomes faulty, the
provider provides the user with a replacement master key M, via the following process,
illustrated in FIG. 3. The user selects an individual encrypted recording 361 from the
collection 360 and sends it to the provider. In lieu of sending the original encrypted recording
361, a copy of the recording 361 can be sent, provided that the copy contains an unmodified
copy of the encrypted master key Ep(M). The provider decrypts the encrypted master key
Ep(M), using the corresponding private key p, at 320, and provides a replacement copy of the
master key M and public key K, at 330, typically by sending the user a replacement
smartcard in return for a servicing fee. In this manner, by paying the associated service fees,
a user is able to continue to access and playback each recording of the user's collection 360.

FIG. 4 illustrates an example block diagram of a system for providing a
replacement access device 120' in accordance with this invention. The playback device 410
accesses the encrypted recording 361 from the user's collection 360 of FIG. 3 to provide the
encrypted master key Ep(M) to a decryption device 420. The decryption device 420 uses the
private key p 401 to decrypt the encrypted master key Ep(M) to provide the master key M. A
programming device loads the decrypted master key M, and the public key P corresponding
to the private key p 401 into the duplicate access device 120' that is sent back to the user,
typically with the encrypted recording 361.

The foregoing merely illustrates the principles of the invention. It will thus be
appreciated that those skilled in the art will be able to devise various arrangements which,
although not explicitly described or shown herein, embody the principles of the invention and
are thus within its spirit and scope. For example, controls may be incorporated into the
process illustrated in FIG. 3 to assure that the number of copies of the master key M is
limited. For example, a simple record of the number of times a master key M is provided can
be maintained, and further copies of the master key M may be precluded. Alternatively,
providing each copy of the master key M can have an increasingly higher fee charged, or
some other procedure employed, so as to make an unauthorized mass distribution of the same
master key M economically infeasible, or highly inefficient.
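
The recording and recovery flow of FIGs. 2 to 4, together with the copy record and rising fee
suggested above, as an added Python example that is not part of the patent text. The authority
key pair, the field names, the fee values and the check of M against Em(K) are assumptions;
textbook RSA and a hash keystream stand in for real ciphers so that it runs on the standard
library alone.

```python
import hashlib
import hmac
import secrets

# Constructed authority key pair (assumption): two Mersenne primes keep the demo
# deterministic. Textbook RSA stands in for a padded scheme such as RSA-OAEP.
_Q1, _Q2 = 2**521 - 1, 2**607 - 1
N, E = _Q1 * _Q2, 65537                    # public key P, stored on each access device
D = pow(E, -1, (_Q1 - 1) * (_Q2 - 1))      # private key p, held only by the authority


def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (stand-in for a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(b"enc" + key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC tag; the nonce is fresh per call."""
    nonce = secrets.token_bytes(16)
    body = nonce + _stream(key, nonce, plaintext)
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a wrong key or altered blob is rejected."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _stream(key, body[:16], body[16:])


def record(content: bytes, master_key: bytes) -> dict:
    """Encryption device 110: produce the items written to medium 140."""
    session_key = secrets.token_bytes(32)                       # K, fresh per recording
    return {
        "Ep(M)": pow(int.from_bytes(master_key, "big"), E, N),  # item 111
        "Em(K)": sym_encrypt(master_key, session_key),          # item 113
        "Ek(CM)": sym_encrypt(session_key, content),            # item 114
    }


def play(recording: dict, master_key: bytes) -> bytes:
    """Decryption device 160: M unwraps K, then K decrypts the content."""
    session_key = sym_decrypt(master_key, recording["Em(K)"])
    return sym_decrypt(session_key, recording["Ek(CM)"])


class TrustedAuthority:
    """Provider side of FIGs. 3 and 4, with a copy record and a rising fee."""

    def __init__(self, base_fee: int = 10, max_copies: int = 3):
        self.base_fee, self.max_copies = base_fee, max_copies
        self._issued = {}                  # SHA-256 of M -> replacements issued

    def replace_device(self, recording: dict):
        m_int = pow(recording["Ep(M)"], D, N)                   # step 320
        if m_int >= 2**256:
            raise ValueError("Ep(M) was modified")
        master_key = m_int.to_bytes(32, "big")
        # Added check (assumption, not in the patent): M must open Em(K).
        sym_decrypt(master_key, recording["Em(K)"])
        fingerprint = hashlib.sha256(master_key).hexdigest()
        count = self._issued.get(fingerprint, 0)
        if count >= self.max_copies:
            raise PermissionError("replacement limit reached for this master key")
        self._issued[fingerprint] = count + 1
        fee = self.base_fee * 2**count     # each further copy costs more
        return {"M": master_key, "P": (N, E)}, fee   # replacement device 120'
```

Any single recording is enough for the authority to rebuild the access device, which also means
the private key p opens every collection recorded under P.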

The particular structures and functions of the figures in this disclosure are
presented for illustration purposes. Other configurations and functional implementations are
feasible. For example, the access device 120 may be a programmable device that is
downloaded with a master key M upon activation. Thereafter, the aforementioned process of
replacing the access device 120 may include the downloading of a copy of the master key M,
based on a transmission of encrypted master key Ep(M) to the downloading entity. These and
other system configuration and optimization features will be evident to one of ordinary skill
in the art in view of this disclosure, and are included within the scope of the following
claims.

CLAIMS:

1. A method for recording published material (101) comprising:
encrypting (210) the published material (101) to produce an encrypted content (112, 114) that
depends upon a master key (121) to facilitate a decryption of the encrypted content (112, 114),
encrypting (230) the master key (121) to produce an encrypted master key (111) that
depends upon a private key (p) to facilitate a decryption of the master key (121),
recording (240) the encrypted master key (111) and the encrypted content (112, 114) on a
recording medium (140).

2. The method of claim 1, wherein
encrypting (210) the published material (101) includes:
encrypting the published material (101) using a first key (K) to produce the
encrypted content (114),
encrypting the first key (K) to produce an encrypted first key (113) that
depends upon the master key (121) to facilitate a decryption of the first key (K), and
the method further includes:
recording the encrypted first key (113) on the recording medium (140).

3. The method of claim 1, wherein the encrypting (230) of the master key (121)
is based on a public key (P) that corresponds to the private key (p) as a public-private key
pair.

4. The method of claim 1, wherein the published material (101) comprises at
least one of: audio material, video material, audio-visual material, and virtual reality material.

5. The method of claim 1, wherein the recording medium (140) is at least one of:
a magnetic tape, a magnetic disk, a laser disk, a CD, and a DVD.

6. A method of providing a replacement access device (120') for facilitating a
decryption of an encrypted content material (112, 114) comprising:
receiving a recording (361) from a user that includes an encryption (111) of a master key
(121) based on a public key (P),
decrypting (320) the encryption (111) of the master key (121) to produce a copy of the
master key (121), using a private key (p) that corresponds to the public key (P) as a
public-private key pair,
encoding (430) the copy of the master key (121) in the replacement access device (120'), and
providing (330) the replacement access device (120') to the user.

7. The method of claim 6, further including:
providing an original access device (120) that contains the master key (121) to the user.

8. The method of claim 6, further including:
maintaining a record of each copy of the master key (121), and providing (330) the
replacement access device (120') in dependence upon the record.

9. The method of claim 6, further including:
assessing a fee for providing the replacement access device (120').

10. The method of claim 9, further including:
maintaining a record of each copy of the master key (121), and determining the fee for
providing the replacement access device (120') in dependence upon the record.

11. The method of claim 10, wherein
determining the fee includes:
determining a number of occurrences of each copy of the master key (121),
and determining the fee in correlation with the number of occurrences.

12. The method of claim 6, wherein the recording (361) is contained on at least
one of: a magnetic tape, a magnetic disk, a laser disk, a CD, and a DVD.

13. A system comprising:
an encryption device (110) that is configured to:
encrypt published material (101) to provide encrypted content material (112, 114) whose
decryption depends upon a master key (121), and encrypt the master key (121) to provide an
encrypted master key (111) whose decryption depends upon a private key (p), and a
recording device (130) that is configured to record the encrypted master key (111) and the
encrypted content material (112, 114) on a recording medium (140).

14. The system of claim 13, wherein the recording medium (140) is at least one of:
a magnetic tape, a magnetic disk, a laser disk, a CD, and a DVD.

15. The system of claim 13, wherein the encryption device (110) is configured to
encrypt the master key (121) based on a public key (P) that corresponds to the private key (p)
as a public-private key pair.

16. The system of claim 13, wherein the encryption device (110) is configured to
encrypt the published material such that:
the published material (101) is encrypted via a first key (K) to produce the encrypted content
material (114), and the first key (K) is encrypted via the master key (121) to produce an
encrypted first key (113), and, the recording device (130) is further configured to record the
encrypted first key (113).

17. A system for providing a replacement access device (120') comprising:
a playback device (410) that provides an encrypted master key (111) from a recording (361)
that contains an encrypted master key (111) based on a public key (P) of a public-private key
pair and encrypted content material (112, 114) that is decryptable based on a master key
(121) corresponding to the encrypted master key (111),
a decryption device (420) that decrypts the master key (121) from the encrypted master key
(111) based on a private key (p) that corresponds to the public key (P) of the public-private
key pair,
a programming device (430) that records the master key (121) on the replacement access
device (120').

18. The system of claim 17, wherein the programming device (430) also records
the public key (P) on the replacement access device (120').

19. A recording (361) contained on a medium comprising:
an encryption (111) of a master key (121) based on a public key (P) of a public-private
key-pair whose decryption is facilitated by a private key (p) of the public-private key-pair, and
an encryption of published material (101) whose decryption is facilitated by the master key
(121).

20. The recording (361) of claim 19, wherein the medium includes at least one of:
a magnetic tape, a magnetic disk, a laser disk, a CD, and a DVD.